issue60, make sure provided photo id is numeric
diff --git a/rpc.php b/rpc.php
index b5d5d357f162aa50568d05a84d4bc550077f5cee..bdb7004ad6de1d6a03ec68c1760077517aa8e67d 100644 (file)
--- a/rpc.php
+++ b/rpc.php
@@ -8,7 +8,7 @@
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
  *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
+ *  any later version.
  *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -27,14 +27,12 @@ class PHPFSPOT_RPC {
 
    public function __construct()
    {
-
       session_start();
 
    } // __construct()
 
    function process_ajax_request()
    {
-
       require_once 'HTML/AJAX/Server.php';
 
       $server = new HTML_AJAX_Server();
@@ -44,59 +42,100 @@ class PHPFSPOT_RPC {
 
       switch($_GET['action']) {
          case 'showphoto':
-
-            $fspot->showPhoto($_GET['id']);
+            if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+               $fspot->showPhoto($_GET['id']);
+            }
             break;
    
          case 'show_available_tags':
-
             $fspot->getAvailableTags();
             break;
 
          case 'show_selected_tags':
-
             $fspot->getSelectedTags();
             break;
 
          case 'addtag':
-
-            $fspot->addTag($_GET['id']);
+            if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+               $fspot->addTag($_GET['id']);
+            }
             break;
 
          case 'deltag':
-
-            $fspot->delTag($_GET['id']);
+            if(isset($_GET['id']) && is_numeric($_GET['id'])) {
+               $fspot->delTag($_GET['id']);
+            }
             break;
 
-         case 'resettags':
-
+         case 'reset':
+            $fspot->resetTagSearch();
             $fspot->resetTags();
+            $fspot->resetDateSearch();
+            $fspot->resetPhotoView();
             break;
 
          case 'tagcondition':
-
-            $fspot->setTagCondition($_GET['mode']);
+            if(isset($_GET['mode']) && in_array($_GET['mode'], Array('or', 'and'))) {
+               $fspot->setTagCondition($_GET['mode']);
+            }
             break;
 
          case 'show_photo_index':
-
-            $_SESSION['begin_with'] = $_GET['begin_with'];
+            if(isset($_GET['begin_with']) && is_numeric($_GET['begin_with'])) {
+               $_SESSION['begin_with'] = $_GET['begin_with'];
+            }
+            else {
+               unset($_SESSION['begin_with']);
+            }
             $fspot->showPhotoIndex();
             break;
    
-         case 'showbubbledetails':
-      
-            $fspot->showBubbleDetails($_GET['id'], $_GET['direction']);
+         case 'showcredits':
+            $fspot->showCredits();
             break;
 
-         case 'showcredits':
+         case 'search':
+               $fspot->startSearch($_GET['for'], $_GET['sort_order'], $_GET['from'], $_GET['to']);
+            
+            if((isset($_GET['from']) && $fspot->isValidDate($_GET['from'])) &&
+               (isset($_GET['to']) && $fspot->isValidDate($_GET['to']))) {
+            }
+            else {
+               $fspot->startSearch($_GET['for'], $_GET['sort_order']);
+            }
+            break;
 
-            $fspot->showCredits();
+         case 'get_export':
+            /* $_GET['mode'] will be validated by getExport() */
+            $fspot->getExport($_GET['mode']);
             break;
 
-         case 'tag_search':
+         case 'get_photo_to_show':
+            $fspot->getCurrentPhoto();
+            break;
+
+         case 'get_calendar_matrix':
+            if((is_numeric($_GET['year']) || !isset($_GET['year'])) &&
+               (is_numeric($_GET['month']) || !isset($_GET['month'])) &&
+               (is_numeric($_GET['day']) || !isset($_GET['day']))) {
+               $fspot->get_calendar_matrix($_GET['year'], $_GET['month'], $_GET['day']);
+            }
+            break;
 
-            $fspot->startTagSearch($_GET['for']);
+         case 'what_to_do':
+            print $fspot->whatToDo();
+            break;
+
+         case 'reset_slideshow':
+            print $fspot->resetSlideShow();
+            break;
+
+         case 'get_next_slideshow_img':
+            print $fspot->getNextSlideShowImage();
+            break;
+         
+         case 'get_prev_slideshow_img':
+            print $fspot->getPrevSlideShowImage();
             break;
 
       }
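Review bot: In the new `case 'search':` the four-argument `startSearch()` call is made unconditionally before the date validation, so the `isValidDate()` check that follows never guards anything: the `if` body is empty, and on the `else` path `startSearch()` runs a second time with unvalidated `from`/`to` already consumed. The intent appears to be that the dated call belongs inside the `if` body; the else branch then stays as the only fallback. The same pattern of checking the value before its existence appears in `case 'get_calendar_matrix':`, where `is_numeric($_GET['year']) || !isset($_GET['year'])` evaluates `is_numeric` on a possibly missing index first — reorder to `!isset($_GET['year']) || is_numeric($_GET['year'])` (likewise for `month` and `day`) so the absent case is handled without touching the undefined key. `$_GET['for']` and `$_GET['sort_order']` are still passed without an `isset` check; whether `startSearch()` tolerates null is not visible here. The enclosing `process_ajax_request()` starts in the previous hunk and closes after this one.
```php
         case 'search':
            if((isset($_GET['from']) && $fspot->isValidDate($_GET['from'])) &&
               (isset($_GET['to']) && $fspot->isValidDate($_GET['to']))) {
               $fspot->startSearch($_GET['for'], $_GET['sort_order'], $_GET['from'], $_GET['to']);
            }
            else {
               $fspot->startSearch($_GET['for'], $_GET['sort_order']);
            }
            break;
```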